front-plugin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's SDK methods explicitly allow retrieving and displaying external and user-generated content — e.g., context.relayHttp()/context.openUrl('https://example.com') in rules/sdk-methods.md and context.listMessages() / ApplicationMessage.content.body in rules/context-types.md — which the plugin code/examples use and may be read/acted on (e.g., creating drafts or other actions), exposing the agent to untrusted third-party content that could inject instructions.